web-dev-qa-db-fra.com

Quels certificats racine approuvés sont inclus dans Java?

Quels certificats racine approuvés sont inclus dans Java, en particulier Sun Java et IBM Java? Comment puis-je obtenir la liste moi-même? Est-ce que Java sous Windows utilise des certificats du système d'exploitation?

35
Peter Štibraný

Allez dans les onglets "Panneau de configuration Java", "Sécurisé" et cliquez sur "Certificats". Allez sur l'onglet "Système" et sélectionnez "Secure CA" ou "Secure Sites CA" dans le menu déroulant.

IIRC, les certificats sont stockés dans un fichier Java sérialisé dans jre/lib/security/cacerts. Il s'agit d'un fichier de clés Java standard pouvant être manipulé à l'aide de l'utilitaire keytool:

keytool -keystore "$Java_HOME\jre\lib\security\cacerts" -storepass changeit -list

Je pense que Mac OS X utilise maintenant le système d'exploitation pour gérer les certificats.

33

Bien que Oracle JRE (anciennement Sun JRE) soit livré avec une gamme de certificats, comme mentionné par Tom, JRE utilisera également les certificats associés au navigateur actuel par défaut pour les applets et les applications Web Start . (tant que vous utilisez "Internet Explorer 5.0 ou supérieur ou Mozilla 1.4 ou supérieur") .

Cela devrait "fonctionner" si vous souhaitez effectuer une vérification de signature de signature, une authentification de serveur HTTPS ou une authentification de client HTTPS (par exemple, la signature d'applications Web Start avec un certificat d'entreprise déjà installé sur votre ordinateur). Pour des cas d'utilisation plus compliqués, vous pourriez trouver ce document plus utile.

7
rxg

Je viens de télécharger jre1.6.0 et d'exécuter la commande ci-dessus:

    Keystore type: JKS
    Keystore provider: Sun

    Your keystore contains 43 entries

    entrustclientca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DA:79:C1:71:11:50:C2:34:39:AA:2B:0B:0C:62:FD:55:B2:F9:F5:80
    verisignclass3g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
    thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 40:E7:8C:1D:52:3D:1C:D9:95:4F:AC:1A:1A:B3:BD:3C:BA:A1:5B:FC
    addtrustclass1ca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
    verisignclass2g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
    thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 36:86:35:63:FD:51:28:C7:BE:A6:F0:05:CF:E9:B4:36:68:08:6C:CE
    addtrustexternalca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
    valicertclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
    entrustsslca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
    equifaxsecureebusinessca2, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC
    equifaxsecureebusinessca1, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
    thawtepremiumserverca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
    verisignclass2g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
    addtrustqualifiedca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
    gtecybertrustca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
    entrustglobalclientca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): CF:74:BF:FF:9B:86:81:5B:08:33:54:40:36:3E:87:B6:B6:F0:BF:73
    utnuserfirsthardwareca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
    starfieldclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
    verisignclass1g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
    thawteserverca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
    verisignclass3ca, Oct 27, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
    entrustgsslca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 89:39:57:6E:17:8D:F7:05:78:0F:CC:5E:C8:4F:84:F6:25:3A:48:93
    geotrustglobalca, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
    verisignclass1g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
    utnuserfirstclientauthemailca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
    comodoaaaca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
    baltimorecybertrustca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
    equifaxsecureca, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
    verisignclass2ca, Oct 27, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 67:82:AA:E0:ED:EE:E2:1A:58:39:D3:C0:CD:14:68:0A:4F:60:14:2A
    verisignserverca, Jun 29, 1998, trustedCertEntry, 
    Certificate fingerprint (SHA1): 44:63:C5:31:D7:CC:C1:00:67:94:61:2B:B6:56:D3:BF:82:57:84:6F
    entrust2048ca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 80:1D:62:D0:7B:44:9D:5C:5C:03:5C:98:EA:61:FA:44:3C:2A:58:FE
    utndatacorpsgcca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
    soneraclass2ca, Mar 28, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
    utnuserfirstobjectca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
    verisignclass1ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 90:AE:A2:69:85:FF:14:80:4C:43:49:52:EC:E9:60:84:77:AF:55:6F
    gtecybertrustglobalca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
    baltimorecodesigningca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 30:46:D8:C8:88:FF:69:30:C3:4A:FC:CD:49:27:08:7C:60:56:7B:0D
    soneraclass1ca, Mar 28, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
    thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
    gtecybertrust5ca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 47:C5:4C:BC:DA:5D:76:CE:62:88:38:11:AC:11:66:5D:55:F4:2C:00
    verisignclass3g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
    godaddyclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
    equifaxsecureglobalebusinessca1, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
1
ruediste